LSM: Make the Labeled IPsec hooks more stack friendly

[linux-2.6-omap-h63xx.git] / net / xfrm / xfrm_output.c

diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index f4a1047a55737929efd37f989c53fc18adea6b53..2519129c6d213f85bceebc165e2c27744f2fd3b6 100644 (file)
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -62,8 +62,9 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
                }
 
                if (x->type->flags & XFRM_TYPE_REPLAY_PROT) {
-                       XFRM_SKB_CB(skb)->seq = ++x->replay.oseq;
+                       XFRM_SKB_CB(skb)->seq.output = ++x->replay.oseq;
                        if (unlikely(x->replay.oseq == 0)) {
+                               XFRM_INC_STATS(LINUX_MIB_XFRMOUTSTATESEQERROR);
                                x->replay.oseq--;
                                xfrm_audit_state_replay_overflow(x, skb);
                                err = -EOVERFLOW;
@@ -123,7 +124,7 @@ int xfrm_output_resume(struct sk_buff *skb, int err)
                if (!x)
                        return dst_output(skb);
 
-               err = nf_hook(x->inner_mode->afinfo->family,
+               err = nf_hook(skb->dst->ops->family,
                              NF_INET_POST_ROUTING, skb,
                              NULL, skb->dst->dev, xfrm_output2);
                if (unlikely(err != 1))
@@ -192,4 +193,20 @@ int xfrm_output(struct sk_buff *skb)
 
        return xfrm_output2(skb);
 }
+
+int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+       struct xfrm_mode *inner_mode;
+       if (x->sel.family == AF_UNSPEC)
+               inner_mode = xfrm_ip2inner_mode(x,
+                               xfrm_af2proto(skb->dst->ops->family));
+       else
+               inner_mode = x->inner_mode;
+
+       if (inner_mode == NULL)
+               return -EAFNOSUPPORT;
+       return inner_mode->afinfo->extract_output(x, skb);
+}
+
 EXPORT_SYMBOL_GPL(xfrm_output);
+EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);